^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) #include "cookie.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) #include "peer.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #include "device.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include "messages.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include "ratelimiter.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include "timers.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <crypto/blake2s.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <crypto/chacha20poly1305.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <net/ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <crypto/algapi.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18)
/*
 * Initialise the cookie checker of device @wg: take a fresh random secret,
 * stamp its birthdate and set up the rwsem that guards both.
 *
 * The derived key material (message_mac1_key, cookie_encryption_key) is
 * not touched here; see wg_cookie_checker_precompute_device_keys().
 */
void wg_cookie_checker_init(struct cookie_checker *checker,
			    struct wg_device *wg)
{
	checker->device = wg;
	init_rwsem(&checker->secret_lock);
	/* The secret is rotated lazily by make_cookie() once it is older
	 * than COOKIE_SECRET_MAX_AGE; secret_birthdate is what that reads. */
	get_random_bytes(checker->secret, NOISE_HASH_LEN);
	checker->secret_birthdate = ktime_get_coarse_boottime_ns();
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27)
/*
 * Domain-separation labels absorbed by precompute_key() ahead of a public
 * key, so the mac1 key and the cookie key derived from the same key never
 * coincide. Each is exactly COOKIE_KEY_LABEL_LEN bytes and is hashed
 * without a NUL terminator. Both ends derive the same keys from these
 * labels (compare wg_cookie_checker_precompute_device_keys() with
 * wg_cookie_checker_precompute_peer_keys()), so changing them breaks
 * interoperability.
 */
enum { COOKIE_KEY_LABEL_LEN = 8 };
static const u8 mac1_key_label[COOKIE_KEY_LABEL_LEN] = "mac1----";
static const u8 cookie_key_label[COOKIE_KEY_LABEL_LEN] = "cookie--";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
/*
 * Derive a NOISE_SYMMETRIC_KEY_LEN-byte key as BLAKE2s(label || pubkey).
 *
 * The label is absorbed before the public key; the order is part of the
 * derivation and must match what the remote side computes, since it is the
 * only thing that separates the mac1 key from the cookie key for a given
 * public key.
 */
static void precompute_key(u8 key[NOISE_SYMMETRIC_KEY_LEN],
			   const u8 pubkey[NOISE_PUBLIC_KEY_LEN],
			   const u8 label[COOKIE_KEY_LABEL_LEN])
{
	struct blake2s_state hash;

	/* Unkeyed hash with the output sized to the symmetric key length. */
	blake2s_init(&hash, NOISE_SYMMETRIC_KEY_LEN);
	blake2s_update(&hash, label, COOKIE_KEY_LABEL_LEN);
	blake2s_update(&hash, pubkey, NOISE_PUBLIC_KEY_LEN);
	blake2s_final(&hash, key);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43)
/*
 * (Re)derive the device's own cookie-encryption key and mac1 key from its
 * static public key. With no identity configured both keys are wiped to
 * zero so that material derived from a previous key is never reused.
 *
 * Must hold peer->handshake.static_identity->lock
 */
void wg_cookie_checker_precompute_device_keys(struct cookie_checker *checker)
{
	const u8 *pubkey = checker->device->static_identity.static_public;
	u8 *cookie_key = checker->cookie_encryption_key;
	u8 *mac1_key = checker->message_mac1_key;

	if (unlikely(!checker->device->static_identity.has_identity)) {
		memset(cookie_key, 0, NOISE_SYMMETRIC_KEY_LEN);
		memset(mac1_key, 0, NOISE_SYMMETRIC_KEY_LEN);
		return;
	}

	precompute_key(cookie_key, pubkey, cookie_key_label);
	precompute_key(mac1_key, pubkey, mac1_key_label);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)
/*
 * Derive the keys needed to talk to @peer from its static public key: the
 * key that opens cookie replies it sends us, and the key for the mac1 we
 * put on messages addressed to it. This is the same derivation as
 * wg_cookie_checker_precompute_device_keys(), applied to the remote key.
 */
void wg_cookie_checker_precompute_peer_keys(struct wg_peer *peer)
{
	const u8 *remote_pub = peer->handshake.remote_static;

	precompute_key(peer->latest_cookie.cookie_decryption_key, remote_pub,
		       cookie_key_label);
	precompute_key(peer->latest_cookie.message_mac1_key, remote_pub,
		       mac1_key_label);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
/*
 * Reset a per-peer cookie record to "nothing held, nothing outstanding,
 * keys zeroed" and set up its rwsem. The memset has to come first: it
 * would otherwise wipe the initialised lock.
 */
void wg_cookie_init(struct cookie *cookie)
{
	memset(cookie, 0, sizeof(*cookie));
	init_rwsem(&cookie->lock);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74)
/*
 * Compute mac1 over @message: a keyed BLAKE2s under @key covering every
 * byte that precedes the mac1 field of the trailing struct message_macs
 * (the macs themselves are not covered).
 *
 * Assumes @len >= sizeof(struct message_macs) and that the macs sit at the
 * very end of the message; with a shorter @len the length arithmetic wraps.
 * Callers are expected to have validated the message length beforehand --
 * nothing is checked here.
 */
static void compute_mac1(u8 mac1[COOKIE_LEN], const void *message, size_t len,
			 const u8 key[NOISE_SYMMETRIC_KEY_LEN])
{
	/* Bytes at the end of the message that mac1 does not cover. */
	const size_t trailer = sizeof(struct message_macs) -
			       offsetof(struct message_macs, mac1);
	const size_t covered = len - trailer;

	blake2s(mac1, message, key, COOKIE_LEN, covered,
		NOISE_SYMMETRIC_KEY_LEN);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82)
/*
 * Compute mac2 over @message: a keyed BLAKE2s whose key is the COOKIE_LEN
 * byte @cookie, covering every byte that precedes the mac2 field of the
 * trailing struct message_macs (so mac1 is covered, mac2 itself is not).
 *
 * Same length precondition as compute_mac1(): @len must be at least
 * sizeof(struct message_macs) with the macs at the end of the message;
 * the caller is responsible for having validated that.
 */
static void compute_mac2(u8 mac2[COOKIE_LEN], const void *message, size_t len,
			 const u8 cookie[COOKIE_LEN])
{
	/* Bytes at the end of the message that mac2 does not cover. */
	const size_t trailer = sizeof(struct message_macs) -
			       offsetof(struct message_macs, mac2);
	const size_t covered = len - trailer;

	blake2s(mac2, message, cookie, COOKIE_LEN, covered, COOKIE_LEN);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90)
/*
 * Derive the cookie for the sender of @skb: a keyed BLAKE2s under the
 * checker's current secret over the sender's IP source address (v4 or v6)
 * and UDP source port. The same inputs yield the same cookie until the
 * secret rotates, which is what lets wg_cookie_validate_packet() recompute
 * it rather than keep per-sender state.
 */
static void make_cookie(u8 cookie[COOKIE_LEN], struct sk_buff *skb,
			struct cookie_checker *checker)
{
	struct blake2s_state state;

	/* Lazy rotation: once the secret is older than COOKIE_SECRET_MAX_AGE
	 * it is replaced. secret_birthdate is read here without secret_lock,
	 * so two callers may both see it expired and rotate back to back;
	 * each rotation installs a fresh random secret under the write lock,
	 * so this appears benign (cookies issued under the old secret simply
	 * stop validating). */
	if (wg_birthdate_has_expired(checker->secret_birthdate,
				     COOKIE_SECRET_MAX_AGE)) {
		down_write(&checker->secret_lock);
		checker->secret_birthdate = ktime_get_coarse_boottime_ns();
		get_random_bytes(checker->secret, NOISE_HASH_LEN);
		up_write(&checker->secret_lock);
	}

	down_read(&checker->secret_lock);

	/* Keyed with the secret itself, so nobody without it can produce a
	 * cookie for an address/port pair. */
	blake2s_init_key(&state, COOKIE_LEN, checker->secret, NOISE_HASH_LEN);
	/* NOTE(review): a protocol other than IPv4/IPv6 falls through with
	 * only the port absorbed; presumably unreachable for a WireGuard
	 * socket, but confirm against the callers. */
	if (skb->protocol == htons(ETH_P_IP))
		blake2s_update(&state, (u8 *)&ip_hdr(skb)->saddr,
			       sizeof(struct in_addr));
	else if (skb->protocol == htons(ETH_P_IPV6))
		blake2s_update(&state, (u8 *)&ipv6_hdr(skb)->saddr,
			       sizeof(struct in6_addr));
	blake2s_update(&state, (u8 *)&udp_hdr(skb)->source, sizeof(__be16));
	blake2s_final(&state, cookie);

	up_read(&checker->secret_lock);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118)
/*
 * Check the trailing macs of the handshake message in @skb against this
 * checker and classify the result.
 *
 * The order is the point of the function: mac1 is checked first and is
 * keyed under a key derived from the device's own public key (see
 * message_mac1_key), so a valid mac1 shows the sender at least knows
 * which device it is addressing. Only when @check_cookie is set is mac2
 * checked against the cookie recomputed for this sender, and only a packet
 * with a valid mac2 is charged to the rate limiter. Both comparisons go
 * through crypto_memneq() so timing does not reveal how many bytes matched.
 *
 * Returns INVALID_MAC, VALID_MAC_BUT_NO_COOKIE,
 * VALID_MAC_WITH_COOKIE_BUT_RATELIMITED or VALID_MAC_WITH_COOKIE.
 *
 * Assumes skb->len >= sizeof(struct message_macs) with the macs at the very
 * end of the linear data; the caller is expected to have validated the
 * message length before calling (it is not checked here).
 */
enum cookie_mac_state wg_cookie_validate_packet(struct cookie_checker *checker,
						struct sk_buff *skb,
						bool check_cookie)
{
	const struct message_macs *macs = (const struct message_macs *)
		(skb->data + skb->len - sizeof(*macs));
	u8 expected[COOKIE_LEN];
	u8 cookie[COOKIE_LEN];

	compute_mac1(expected, skb->data, skb->len, checker->message_mac1_key);
	if (crypto_memneq(expected, macs->mac1, COOKIE_LEN))
		return INVALID_MAC;

	if (!check_cookie)
		return VALID_MAC_BUT_NO_COOKIE;

	/* mac2 must have been made with the cookie we would issue to this
	 * source address/port under the current secret. */
	make_cookie(cookie, skb, checker);
	compute_mac2(expected, skb->data, skb->len, cookie);
	if (crypto_memneq(expected, macs->mac2, COOKIE_LEN))
		return VALID_MAC_BUT_NO_COOKIE;

	if (!wg_ratelimiter_allow(skb, dev_net(checker->device->dev)))
		return VALID_MAC_WITH_COOKIE_BUT_RATELIMITED;

	return VALID_MAC_WITH_COOKIE;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155)
/*
 * Fill in the trailing macs of an outgoing handshake message to @peer.
 *
 * mac1 is always computed (keyed via latest_cookie.message_mac1_key, which
 * is derived from the peer's public key) and a copy is kept in
 * last_mac1_sent: wg_cookie_message_consume() uses it as the AEAD
 * associated data when opening a cookie reply, so only a reply bound to
 * this message is accepted. mac2 is filled only while we hold a cookie
 * from the peer that is still fresh; otherwise it is zeroed and will fail
 * the mac2 check on the receiving side (see wg_cookie_validate_packet()).
 *
 * Assumes @len >= sizeof(struct message_macs) with the macs at the end of
 * @message, as compute_mac1()/compute_mac2() require.
 */
void wg_cookie_add_mac_to_packet(void *message, size_t len,
				 struct wg_peer *peer)
{
	struct message_macs *macs = (struct message_macs *)
		((u8 *)message + len - sizeof(*macs));

	/* Write lock: computing mac1 and recording it as the outstanding
	 * mac1 must not interleave with wg_cookie_message_consume(). */
	down_write(&peer->latest_cookie.lock);
	compute_mac1(macs->mac1, message, len,
		     peer->latest_cookie.message_mac1_key);
	memcpy(peer->latest_cookie.last_mac1_sent, macs->mac1, COOKIE_LEN);
	peer->latest_cookie.have_sent_mac1 = true;
	up_write(&peer->latest_cookie.lock);

	/* A read lock suffices for mac2: only cookie state is read. The
	 * cookie is treated as stale COOKIE_SECRET_LATENCY before
	 * COOKIE_SECRET_MAX_AGE -- presumably so a cookie minted just before
	 * the remote rotates its secret is not still being sent after it has
	 * stopped being accepted; TODO confirm against the receiving side. */
	down_read(&peer->latest_cookie.lock);
	if (peer->latest_cookie.is_valid &&
	    !wg_birthdate_has_expired(peer->latest_cookie.birthdate,
				      COOKIE_SECRET_MAX_AGE - COOKIE_SECRET_LATENCY))
		compute_mac2(macs->mac2, message, len,
			     peer->latest_cookie.cookie);
	else
		memset(macs->mac2, 0, COOKIE_LEN);
	up_read(&peer->latest_cookie.lock);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179)
/*
 * Build the cookie reply @dst for the sender of handshake packet @skb.
 *
 * The cookie is the one make_cookie() derives for that sender, sealed with
 * XChaCha20-Poly1305 under the device's cookie_encryption_key using a
 * fresh random nonce and the packet's own mac1 as associated data. The
 * peer only accepts the reply if that mac1 equals the one it most recently
 * sent (see wg_cookie_message_consume()), which ties the reply to a
 * message the peer actually transmitted.
 *
 * @index is written to receiver_index unchanged (already little-endian).
 * Assumes skb->len >= sizeof(struct message_macs) with the macs at the end
 * of the linear data, as for wg_cookie_validate_packet().
 */
void wg_cookie_message_create(struct message_handshake_cookie *dst,
			      struct sk_buff *skb, __le32 index,
			      struct cookie_checker *checker)
{
	const struct message_macs *macs = (const struct message_macs *)
		((u8 *)skb->data + skb->len - sizeof(*macs));
	u8 cookie[COOKIE_LEN];

	make_cookie(cookie, skb, checker);

	dst->header.type = cpu_to_le32(MESSAGE_HANDSHAKE_COOKIE);
	dst->receiver_index = index;
	/* NOTE(review): the return value of get_random_bytes_wait() is not
	 * checked; if the wait could fail here, dst->nonce would be left
	 * unset. Presumably the calling context cannot be interrupted --
	 * confirm before relying on that. */
	get_random_bytes_wait(dst->nonce, COOKIE_NONCE_LEN);

	xchacha20poly1305_encrypt(dst->encrypted_cookie, cookie, COOKIE_LEN,
				  macs->mac1, COOKIE_LEN, dst->nonce,
				  checker->cookie_encryption_key);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197)
/*
 * Handle an incoming cookie reply @src on device @wg.
 *
 * The reply is mapped to a peer through receiver_index (a handshake or a
 * keypair index) and is accepted only if (a) we have sent that peer a mac1
 * which has not already been answered and (b) the AEAD opens under the
 * peer's cookie_decryption_key with that mac1 as associated data. On
 * success the cookie is stored with a fresh birthdate and have_sent_mac1
 * is cleared, so a second reply for the same mac1 is rejected. Failures
 * are only logged, rate-limited: this is an untrusted-input path.
 */
void wg_cookie_message_consume(struct message_handshake_cookie *src,
			       struct wg_device *wg)
{
	struct wg_peer *peer = NULL;
	u8 cookie[COOKIE_LEN];
	bool ret;

	/* The lookup appears to hand back a referenced peer; it is released
	 * by wg_peer_put() at out:. An unknown index is silently dropped. */
	if (unlikely(!wg_index_hashtable_lookup(wg->index_hashtable,
						INDEX_HASHTABLE_HANDSHAKE |
						INDEX_HASHTABLE_KEYPAIR,
						src->receiver_index, &peer)))
		return;

	down_read(&peer->latest_cookie.lock);
	/* No outstanding mac1: there is nothing this reply could be bound
	 * to, so it cannot be genuine. */
	if (unlikely(!peer->latest_cookie.have_sent_mac1)) {
		up_read(&peer->latest_cookie.lock);
		goto out;
	}
	/* Decrypt under the read lock so last_mac1_sent and the key are
	 * stable for the duration of the AEAD. */
	ret = xchacha20poly1305_decrypt(
		cookie, src->encrypted_cookie, sizeof(src->encrypted_cookie),
		peer->latest_cookie.last_mac1_sent, COOKIE_LEN, src->nonce,
		peer->latest_cookie.cookie_decryption_key);
	up_read(&peer->latest_cookie.lock);

	if (ret) {
		/* The lock is released between the decrypt and this update,
		 * so a concurrent wg_cookie_add_mac_to_packet() may have
		 * recorded a newer mac1 in between; the cookie stored here is
		 * still one the peer issued to us, which looks acceptable --
		 * noted for review. */
		down_write(&peer->latest_cookie.lock);
		memcpy(peer->latest_cookie.cookie, cookie, COOKIE_LEN);
		peer->latest_cookie.birthdate = ktime_get_coarse_boottime_ns();
		peer->latest_cookie.is_valid = true;
		peer->latest_cookie.have_sent_mac1 = false;
		up_write(&peer->latest_cookie.lock);
	} else {
		net_dbg_ratelimited("%s: Could not decrypt invalid cookie response\n",
				    wg->dev->name);
	}

out:
	wg_peer_put(peer);
}